1. Statement of the Technical Field
The present invention relates to the field of secure delivery of data over a computer communications network, and more particularly to the secure delivery of resources over the public Internet.
2. Description of the Related Art
The advent of network technologies and the Internet has given rise to extraordinary advances in interpersonal communications. Whereas conventional postal and courier services, telephony, teletype and facsimile technologies had previously provided the sole means of communications, network technologies, and particularly the Internet, have spawned an entirely more advanced and effective mode of communications. Examples of advanced network communications techniques include electronic mail, instant messaging and the various document transfer mechanisms such as the file transfer protocol. Still, the development of the functional World Wide Web in 1994 accelerated the rate at which individuals worldwide relied upon the global Internet for interpersonal communications.
One important aspect of the World Wide Web includes document and data publishing and retrieval mechanisms. Prior to the World Wide Web, most document and data transfers occurred either over private communicative sessions over private telecommunications resources, or through public communicative services such as Archie, Gopher and Veronica. The World Wide Web, and more particularly, the hypertext transfer protocol (HTTP), however, provide a much simplified and more effective mechanism for sharing data.
Traditionally, the Uniform Resource Locator (URL) represents the resource access mechanism most utilized over the Internet. The global specification for the URL requires the statement of a network address, a resource location at the network address, and any optional parameters including protocol commands, parameters, and a payload. As will be recognized by one skilled in the art, a resource can include markup, a specific file or files, data, or programmatic logic.
In any case, to access data through the Internet using a URL, typically the desired resource and its respective location and a preferred command can be concatenated within a URL and transmitted to the destination device over the Internet. In HTTP, for instance, markup can be accessed through the following specification:
    http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]
where host is the domain name of the resource server, abs_path is the location within the resource server, and query is an application-specific command, as determined by the server.
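The http_URL specification above can be read as a strict parser; the following is an added example, not part of the original text, written with the double slash that HTTP URLs carry after the scheme. The function names, the ASCII-only host rule and the sample URLs are assumptions made for illustration; the defaults (port 80, path "/") are those of HTTP.

```python
import re

# Grammar from the text: "http:" "//" host [":" port] [abs_path ["?" query]]
# Assumption: host is limited to ASCII letters, digits, hyphens and dots.
_HTTP_URL = re.compile(
    r"""\A
    http://                                   # scheme and double slash
    (?P<host>[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)
    (?::(?P<port>[0-9]*))?                    # optional ':' port
    (?:
        (?P<abs_path>/[^?\#\s]*)              # abs_path starts with '/'
        (?:\?(?P<query>[^\#\s]*))?            # query only after abs_path
    )?
    \Z""",
    re.VERBOSE | re.IGNORECASE,
)


def parse_http_url(url):
    """Split url into the grammar's parts; raise ValueError if it does not fit."""
    m = _HTTP_URL.match(url)
    if m is None:
        raise ValueError("not an http_URL: %r" % (url,))
    port = int(m.group("port")) if m.group("port") else 80  # empty port -> default
    if not 0 < port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return {
        "host": m.group("host").lower(),         # host names are case-insensitive
        "port": port,
        "abs_path": m.group("abs_path") or "/",  # missing abs_path means "/"
        "query": m.group("query"),               # opaque; meaning is up to the server
    }


def is_http_url(url):
    """Return True when url fits the grammar, False otherwise."""
    try:
        parse_http_url(url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the text.
    for sample in ("http://www.example.com/docs/report.html?cmd=view",
                   "http://www.example.com?cmd=view",   # query without abs_path
                   "https://www.example.com/"):         # not the http scheme
        print(sample, "->", parse_http_url(sample) if is_http_url(sample) else "rejected")
```

The second sample is rejected because the grammar only allows a query after an abs_path, and the parser treats the query as an opaque string because its meaning is determined by the server.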
While the naked use of the URL can suffice for public communications, the same cannot be said of private communications. For instance, where a Web accessible application involves the exchange of private data between client and server, unencrypted communications can either fall victim to one who might intercept the private data, or one who falsely masquerades as the client in order to obtain the private data. Of course, concerns with the malicious hacking of the server itself remain a paramount consideration in deploying an application to the World Wide Web. Consequently, several methods have been used in the past to secure private communications over the Internet.
For instance, a traditional means of delivering resources includes a folder-document URL technique in which resources can be structured at the server in a scheme which can be decoded by the client according to privately known information. Yet, to create such a scheme requires careful consideration in order to match a URL for every client. More importantly, the scheme can be easily reverse-engineered through careful study of the syntax within the URL itself. Thus, while the folder-document URL technique can suffice for generic access to public resources, the same cannot be said of secure access to private resources.
The programmatic URL technique represents another attempt at securing the confidentiality of data exchanged between client and server over the Internet. In the programmatic URL technique, HTTP POST or GET commands can provide parameterized identification data for the client which can be validated programmatically in the server. In this way, each customer can be uniquely and privately authenticated at the server. Still, to implement the programmatic URL technique, a consistent interface to the validation logic of the server must be exposed. Consequently, the interface can become a conduit through which malicious hacking can be facilitated. As an example, the Code Red virus of the early twenty-first century exploited deficiencies in Web servers which had exposed an interface to a programmatic URL.
Secure Sockets Layer (SSL) technology, like the programmatic URL, provides a secure channel through which resources can be delivered from server to client. Still, SSL over secure HTTP (HTTPS) provides merely a secure channel and media for delivering a requested resource, rather than a secure pointer to the requested resource. Accordingly, like the programmatic URL, SSL over HTTPS, though a popular technology, suffers from the same deficiencies as the programmatic URL inasmuch as an interface must be exposed to support the validation logic of the server.
Cookies and tokens represent yet another popular technique for securing data communications between client and server. With cookie technology, authenticating data can be stored in the client and verified by the server during subsequent attempts to access secure data in the server. Cookie technology, however, can fail in the case of publicly accessible terminals and insecure computing devices used as the client where the security of the cookies themselves cannot be guaranteed. Tokens, by comparison, often combine cookies with programmatic URL technology to provide a more dynamic method of authenticating the client prior to exchanging sensitive data therewith.
Nevertheless, during the course of a transaction over the Internet, the token itself can be exposed and its integrity compromised. Also, to the extent that programmatic URLs are required to process the token, an unwanted interface must be exposed which can jeopardize the integrity of the server. Accordingly, there remains a long-felt unsolved need for securing access to resources over the publicly accessible Internet.